From d2100c0ae06cdf692b17e65d2e5bbb82ac21fe7c Mon Sep 17 00:00:00 2001
From: Asif Bacchus <asif@linuxprogramming.test.bacchus.network>
Date: Thu, 17 Oct 2019 01:34:52 -0600
Subject: [PATCH] move LE challenge root outside webroot

---
 build/Dockerfile                          | 5 +++--
 build/sites/05-test_nonsecured.conf       | 2 +-
 build/sites/05-test_secured.conf.disabled | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index 3116eae..3d18dbd 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,6 +1,6 @@
 FROM nginx:mainline-alpine
 
-# add fun error pages
+# add fun error pages & LetsEncrypt challenge directory outside webroot
 RUN apk --no-cache add git \
     && cd /usr/share/nginx/html \
     && rm -rf * \
@@ -8,7 +8,8 @@ RUN apk --no-cache add git \
     && apk del git \
     && mv /tmp/errorpages/ ./ \
     && rm -rf /tmp/* \
-    && rm -rf /tmp/.git*
+    && rm -rf /tmp/.git* \
+    && mkdir /LEchallenge
 
 # standardized labels
 LABEL maintainer="Asif Bacchus <asif@bacchus.cloud>"
diff --git a/build/sites/05-test_nonsecured.conf b/build/sites/05-test_nonsecured.conf
index a345b86..345b155 100644
--- a/build/sites/05-test_nonsecured.conf
+++ b/build/sites/05-test_nonsecured.conf
@@ -15,7 +15,7 @@ server {
         error_log /var/log/nginx/LetsEncrypt_error.log warn;
 
         default_type text/plain;
-        root /usr/share/nginx/html/letsencrypt;
+        root /LEChallenge;
         autoindex on;
     }
 
diff --git a/build/sites/05-test_secured.conf.disabled b/build/sites/05-test_secured.conf.disabled
index a5099bc..2473c00 100644
--- a/build/sites/05-test_secured.conf.disabled
+++ b/build/sites/05-test_secured.conf.disabled
@@ -16,7 +16,7 @@ server {
         error_log /var/log/nginx/LetsEncrypt_error.log warn;
 
         default_type text/plain;
-        root /usr/share/nginx/html/letsencrypt;
+        root /LEChallenge;
         autoindex on;
     }